Thanks Shawn....I suspect I will have to go to Pulled Pork at some
time...I hope it's not too much of a hassle ;)
James
On 10/8/10 10:02 AM, "Jefferson, Shawn" <Shawn.Jefferson at ...14448...>
wrote:
>PulledPork has this functionality built in.. you can disable rules based
>on a PCRE. I don't run McAfee VirusScan for instance, so I can disable
>all current and all future rules for it. Also, it's currently being
>developed, unlike Oinkmaster.
>>>-----Original Message-----
>From: Josh Little [mailto:josh at ...14998...]
>Sent: Friday, October 08, 2010 6:09 AM
>To: snort-users at lists.sourceforge.net>Subject: Re: [Snort-users] Fine tuning Snort
>>I have a small tool written in Perl called Pigsty that will automate
>finding any sigs in your enabled ruleset that match a pattern. The tool
>will output a list of disablesid lines that you can then drop into your
>oinkmaster.conf file or have the tool directly append the file. This
>makes cleaning up your current rules much easier. You could probably
>modify the oinkmaster perl script to run Pigsty just after the latests
>sigs are downloaded and before the routine for commenting out disabled
>sids completes.
>>Find it at http://zombietango.com/blog/tools/>>ZT
>>>--------------------------------------------------------------------------
>----
>Beautiful is writing same markup. Internet Explorer 9 supports
>standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
>Spend less time writing and rewriting code and more time creating great
>experiences on the web. Be a part of the beta today.
>http://p.sf.net/sfu/beautyoftheweb>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users